Bug 962426 – [RFE] Add support for kerberos

Bug 962426 - [RFE] Add support for kerberos

Summary:	[RFE] Add support for kerberos

Status:	CLOSED DEFERRED

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	nginx (Show other bugs)
Sub Component:
Version:	19
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	---
Assigned To:	Jamie Nguyen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2013-05-13 09:16 EDT by Tomas Tomecek
Modified:	2013-08-26 15:01 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-08-26 15:01:17 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
added upport for spnego (kerberos) (19.25 KB, patch) 2013-05-15 04:19 EDT, Tomas Tomecek	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Tomas Tomecek 2013-05-13 09:16:31 EDT

Description of problem:
Compile nginx with Kerberos (spnego) support

Additional info:
There is nginx [1] module (actually, not just one [2][3]) that supports spnego. This would be really handy when running nginx in corporate domain. I'll try to build it myself (scratchbuild in koji) and if successful I'll post patch here.

[1] https://github.com/stnoonan/spnego-http-auth-nginx-module
[2] https://github.com/muhgatus/spnego-http-auth-nginx-module
[3] https://github.com/ifad/spnego-http-auth-nginx-module

Comment 1 Tomas Tomecek 2013-05-15 04:19:12 EDT

Created attachment 748141 [details]
added upport for spnego (kerberos)

So I added patch (it is patched specfile, el6 branch -- fedora is pretty similar) and with this binary I was able to use kerberos with nginx. I think it would be pretty awesome, if nginx were build with the spnego module. I used this one [1].

[1] https://github.com/stnoonan/spnego-http-auth-nginx-module

Comment 2 Jamie Nguyen 2013-05-26 15:38:09 EDT

Thanks for your comments.

We've had a few requests for third-party modules. I'll try looking into doing things similar to Debian (with nginx-full, nginx-light, nginx-extras packages). I'll keep you posted.

Comment 3 Jamie Nguyen 2013-05-26 15:40:33 EDT

One of the main issues with supporting third-party modules is that sometimes they can hold back upgrading to the latest version of nginx. We pretty much always want to be tracking the latest version of nginx, and I'm not sure I like the idea of picking up extra modules, only to have to drop them intermittently and add them back some time in the hand-wavy future once their development has caught up with upstream.

Comment 4 Tomas Tomecek 2013-05-27 04:06:30 EDT

Okay, that's reasonable. It would be really inconvenient to hold update back due to some module. Feel free to close this (patch is here if someone would need it).

Comment 5 Jamie Nguyen 2013-08-26 15:01:17 EDT

Closing for now, but I do plan to explore the possibility of including third-party modules (possibly in a similar fashion to how Debian do things).

Note You need to log in before you can comment on or make changes to this bug.